Malware Analysis Report

2025-01-18 20:57

Sample ID 241125-kseb3ayldy
Target 9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118
SHA256 8fbaa301ca4ad9034df155670f66c428ad36d9dc5b6d573edb520b32793b780b
Tags xorist persistence ransomware spyware stealer discovery
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist persistence ransomware spyware stealer discovery

Detected Xorist Ransomware

Xorist family

Renames multiple (2212) files with added filename extension

Renames multiple (2176) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2024-11-25 08:51

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-25 08:51

Reported

2024-11-25 08:54

Platform

win7-20240903-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe"

Signatures

Renames multiple (2212) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\14Fc59lHJ6Lr98g.exe" C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A

Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-advpack.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_dca74e3a5695da99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_b490afff5b93e5a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mfvdsp_31bf3856ad364e35_6.1.7600.16385_none_55b1951c6b1ef505\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_c1407bc73caf8dfc\Windows Critical Stop.wav C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\napsnap.resources\6.1.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_de-de_14921001ba403399\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_e3b259cc3b13b0cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sctasks.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7ed8755f62bb36e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_Comparison_Operators.help.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..verytools.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0e65108cd3afe999\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\Search\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..commandlinetoolsmqq_31bf3856ad364e35_6.1.7600.16385_none_851e6308c5b62529\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-winrs-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c3476f417415bb24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mmsys.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_34e5e2e340e7cc1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-hotstart-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bb1bf6c63f4ee335\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-stacking_31bf3856ad364e35_6.1.7600.16385_none_d0d2b98d4629a41f\720x480icongraphic.png C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2d4ec6477a27dac4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b4a6b77ab9aa530d\about_remote.help.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7823ca5215aec9e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\Search\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_image.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d1f46ee647dc5315\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-stknote.resources_31bf3856ad364e35_6.1.7600.16385_en-us_baf3ac9465728f2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..installer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1459115ca65c0654\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wpdmtp.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2ab0c075194d9555\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_6.1.7600.16385_es-es_779c465a67fcea75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_zh-cn_1df73ac8bfb16d57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-displayswitch_31bf3856ad364e35_6.1.7600.16385_none_48b6a2a03e2c7b21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\reveal_rest.png C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_534cc7b6b042b425\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.build.utilities.resources_b03f5f7f11d50a3a_6.1.7600.16385_it-it_2c2dbcf8e254ad48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7601.17514_it-it_068a8aa70d654920\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnle003.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e295a15dbf1fb4e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-p..olsratingsystem-web_31bf3856ad364e35_6.1.7600.16385_none_d16f41774bf65418\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\IME\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-shlwapi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3c6f337207e50159\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_6ed8265c4c3dbb0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..verytools.resources_31bf3856ad364e35_6.1.7600.16385_de-de_65a8ddafe4aaec2f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.servicemodel.resources_b77a5c561934e089_6.1.7601.17514_fr-fr_53906293d493357d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..plication.resources_31bf3856ad364e35_8.0.7600.16385_en-us_cc0ca598a03fd001\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\inf\.NET CLR Networking\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\1036\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-security-spp-pidgenx_31bf3856ad364e35_6.1.7600.16385_none_5d67c67ddd564ccf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-dskquota.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5cf9a5db794cb010\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_sv-se_d2199a50165e07e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "CWAFIPTICWNLKOE" C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\shell\open C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\14Fc59lHJ6Lr98g.exe,0" C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\shell\open\command C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\shell C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\14Fc59lHJ6Lr98g.exe" C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe"

Network

N/A

Files


C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 fa68a100b3e9511377cb920f6b819a1e
SHA1 2f6c19c1915557d1183164474d4ab05a5e6b2224
SHA256 f78e0a7b8120de88243f55aae6d7e5978621eeaf8abb4f162612696a6e72c4cf
SHA512 02b2c7766930c1bd101e8d75e3fea31fcbabb48dc03da570d98544949ed0e2aeb80cccccf01f86393686af5c7deeb0acef88e024353c461d349d2f28fdb0dfa1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 7d0b8f44bd42f314be3fb02e4a12d365
SHA1 b31f2100dd192106eaae13a1f51fe4b7b4a20100
SHA256 50bd133cfa23e17f77133f3d40cc592556f846472a2ea3f9c5ab565903f07354
SHA512 dd78947ffaf72e5b9a4d9ba6bcfa1adc0da86dc0f0df09fbcacf7547080287ab28907a1eb7149dbd702e1dbdca27a55d725610be7d623bf37fbe2dd77d7af853

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 aa59adee8404b486226e73cebd74cc56
SHA1 1a1405484ee242a14111a1a11b9ed7fb32c2c6b4
SHA256 6a7669290768af0969ab60f2962ddce2b1be5c663320887b3d3bfdcdb94eb3ca
SHA512 a8cc0dee8ff30dd03f14ad88563ca9de528d08367bdf9c723a27e0cb77f66735ac1bebe92d614377411a3902704982b0d7c082a86794550d6dbb759e72ca7152

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 3efdf99226d62f160d74d190dc58e64e
SHA1 a23589e3e246e55ec3790ee23ef903ed3bc1f375
SHA256 e8b43cd03f896d2d38ef9b19065efefb071def548dc5b908e965bdd83493ee9e
SHA512 12785e3fba61995182d1b727a93843508b76ac0e8a26112bf92b9ebc402f092546d12e0903e12cc4b21682cce0913865780948b60bcb08aeff9d79de43bb869b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 5be785123a0e21902b9c855bd5d403a8
SHA1 077681a7ed341d49584f031f7bcc8814ccc3f244
SHA256 54ed6cead7df0a12f97aa2093acfd80c3ea067d8cafce67f334121aacfb60550
SHA512 0d38cea3579de71fe7754c56b703fc0e1f1648f7337b63336b38810197c010ab79782f8f6038c2735456d96bfe130c7c1b0158f760f37fa250d2dca1360f2b24

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 4e2d697ec66d92944b827c270f0735c4
SHA1 f3af054cffe9098477be169321423f4d726056e2
SHA256 e949f6bb7356edec8f2bc1d714bb46f93f5b99211134d1f587f072e697145320
SHA512 e9f4fb2219b47363e136b6e5635ba75a8188e7d26fa11fbd7593b3766d0913cca7b7611e346e21e4eb471e546cdb13087e26f615ca9bbc2256b28ce79253d483

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 fecf40592286a4ee9780b5a54a39c8e4
SHA1 d3b7b6b5ef8c57de4ef0ab13d0d8c296f4378af9
SHA256 facda40f63cfc4de470e3e2da54fa8d0e49af34d1ae7f5ff4e9e231ca0016f86
SHA512 30ee44d849871b6e8bfc5212f1477982adc21785a3ace7b2d321193bc1a6d46cdff296bc6379ef28f72744516be4f97cf68a5b1b352bf039ea86e4510277b287

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 212b4546291e1fa882fa4cbd814c0097
SHA1 851f50179b5bc258e2dd0fc35b3c576f5bdba4ee
SHA256 6611d0a1ade4b3376a6df1799e6f524919b06721169798ddac7d09dff31dd630
SHA512 620eec61a0681874775c0aa267b6f804e58b3cd794647c7c06f0640687b80520962537610328a6f0aa818589d42c55664dc4665e26331e4b44bf6d905ac35b94

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 a7c43d37c5b783ab8bf2b5197dbf92c8
SHA1 6fc9ee8a633dc486de900277369094c4146a1388
SHA256 2819b733532da43f56ad0535b8c7f9fffbf22c649786d9f033eaeea000bb2c57
SHA512 b7e0a6dc5de2a6d501551916351f2954ecf2fe203fb8010a9afe1078ff4bfbe8911148ebd48f40f1f570ee0738c1986b319972c2e6872223106823865721ee83

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 2bd4cc16f2b9e84c7c83aba47172b733
SHA1 2bd0c79d1d65ec9bd71a7fd7d162bbcb87abd88f
SHA256 9500219e3149d5d676fce6daa55617615662e00d31512098dc968e2168b57f95
SHA512 dff255528825227e4c98e055bc3f389b2ba34f949d823068803f4a19b95b6614fbccfb6d29554939ea357d773c2456f47c41d834d45ed55944b3fe6d63e7a2d0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 bd8a834dd8daf1350f9a83dff7ad8ac1
SHA1 31011e4ea209639e43fdb5a1ce43c0adf5107fb5
SHA256 6177fe011e6ec3e036f68443581a33918b20f475796cf910cc928e257f54ce18
SHA512 654d29521888789e7352bf40ad2d6dfad9263dde2a134c9e419cfbf92ea5ce5e6620f45bc19137b336b8b456d7b997ba3edd065fa2e7516e6c397cce425325c6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 11af42926b86975b5660d7b67e2249e7
SHA1 8caec8e55166d39605ee8035354a6f9ea73344aa
SHA256 6247f98b5206c281f319ffa62f5ee6e0633580996f994575572bfd40f93c2e6b
SHA512 7a9adfce79ef14f067c3e4dcc0c4b923d1b0b738a514be4c6d65b9f51d7e9d6153ab3b920b364debe73e9aefa75088d5e7489574fd2b995c906b02a0725df757

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 8e542e41d4351ce159886237afd9db08
SHA1 7dd53fb8c24b9eeca040c2e68c1480286ac2d1be
SHA256 3c38e17f713faf94d8f68a49f38f60dde2eac5e8c6d46fa3b8a65ef58bbc474d
SHA512 0c2d10c1e83c53d862f9f313732c76499ce2a7c8a1cf0ac7dd4031a652511def9c31241e04e2c34a446e3a133c752c18dc3f4f93ac42c2b6817208662ea035f2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 30d85fb25ad16d54c786ca082ff6301d
SHA1 c0c53d480d38db1494b133e780c784084fd8d447
SHA256 e926b5d8c091d7507e5fb9222a46ef85d30a436b164058aaf111fc3886b77d38
SHA512 decde6051fd0244cde2320c7d8575403db938c95668bf37bc8c010ef5657e39574751c0ff8a9982925f19571c107b7b4e80b854f288b93e2dad34f586a872373

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 71feb7baa340c59c714e633fa9de6ead
SHA1 528a8e84a5db0c66b619cd23f2020075f2727a6f
SHA256 00abecdfdfd635630cdf5ba47c21a84704989bc23b41c9f9142aba0decf956fb
SHA512 eb36e0baea1e6c264008f67023c9537bf64b9ee3288a07162a11041208681f151414b22da54fe64ecc288eae46d67226a552a3963291abe0ccda911f58ae6437

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 cdd227545831309386a47c283f1122ff
SHA1 f88805da5c62f64fad88fe11c9640236cf84d682
SHA256 5043baf5b729dca0d501369eef23ea0d526c539eb55278a91efd8772c882e541
SHA512 d3b3837de0671523e32e22815050ddde1a6500ae0caa884a90b905cb71c25a259c050be81db4a13cc61c813d7f4f0e7b6ac435a03a544f3c82c8da3180bf1b27

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 fa389bfa495664f873a98e956842aa33
SHA1 5003c3b84d43e3d2c1916c23e91c2ac1aee78ada
SHA256 486868a94cd548ba77914e643a32f67a54ba813ff0c97f58723134c06d0477ce
SHA512 cd7ac21d4221e2839b93494bf80f282e0e5446e1b537664a752aa2abf9c61dc41fbeac8a82e4e3815ef7db0b0b183a0749b02b73a1d500a510cfc698a96719cb

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 a9ddf09cc9cb4a2bc9179d33dcb8d4c9
SHA1 26aee15a3b54664904fb5b10607f84f1d3ce7bdc
SHA256 7e14012601249e0f20d8bbda88ba9930e0773e2add3e9b06c64dfbd32ca8d817
SHA512 eb1ef0f161c52a13285bdfb898d1349d27a964d0961b2448e7c0f1ae730d0064b4441500e7d4b331ecaaaa263781ef6f1b82190399a8448455e9584bd51718d5

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 2ee38650c39a7924f47f9cb87e525bf2
SHA1 7c1bdd55fc1af76f463904d8380229a3dbc3ad89
SHA256 dae9b5a4847d307a1d90258f03e8af674b8afd4d7e038891f9a6291cf360c0c3
SHA512 8e763d4926bfcaaa0610790066cf843074e4ec15e5ffd8189b68071e16ad16132b2f75905129d5893b6bb719f7d51fd7a8909d604c8b13fced33b7dc12038aa8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 85c2130223dd13db719f8b23dc6667e9
SHA1 c6516ff47f961af9e391b28ab22dbd5bc9c8fbb8
SHA256 40153fc539679b08b7a7e97f4dfc2673572a349ec6402b318d945e05b8a06434
SHA512 8e1d8724e5e54707bf218bbbd92a2dc22b92bdeb355fdad9e05e578b8c8358cfaa5c89def2e6b113392f9aa44d0445713c39071b8dba3f3c936d9467164f92af

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 464deb68905a11a7b0585f91dc2976bf
SHA1 8ea22697e8f89431f2d47347b47dd9046184428a
SHA256 4a07c2dbd68f007374a74cc6f25be44a6850f9c11af1c381e4bf2313cf87e28e
SHA512 679c0aa24a2bbba0ad66a6fc44ff76d81e2f3d07fac06e1855b76946d0e0edc23b448760a4c279ef77eb6a5f73e1f28b6a361f921d21f79e1a6c2bbb386d4002

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 3fdc14e7f353ea54aac8cd2b393d4cf5
SHA1 506c80f10b18115f9cbf4432bbe78fe889c5fe83
SHA256 efb6d659d11ad032fd1cf3966bb8daebdcbcd7fac3873e38aa4c1a35d8836b5a
SHA512 627f5e17fd7475763cba743fe8265bb25171760f9590ff14cf86a67c4cdad1c4048ea0318719ecad3cd2b70f36ccc2b86649096c65bbdf50346f84c139ea2fee

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 f5daa88d38fcc93986b11cd73bd18d6d
SHA1 7707d17c84978ea68c8ddaf05bb99ce485809632
SHA256 fe2ec12d06b015dca8e59dbb6d7cc16ef3dedf46dcfe6b76a70fcd87cce023a5
SHA512 8f724819317318d7eeb491908fb6535d4a662cd9231765fbd1b96bf2ab4243a515cd22e6c29d5b9d764ed0e482f0495c55662dfb82e9da3686f3d9b1006e40b3

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 ae777b8acb1d7708cb7149f7ee532dcd
SHA1 5823df4b6b6bc8819952c411b9fdfffc65d321a6
SHA256 9cf00910bdf92c3a40f637c4e487d3b27a2ee0c1e2ca89f7b02b953df51e212f
SHA512 5a316fe02ae991d44c11be98e33f8a9f4501552d6a51820ae7e58bdc8d662fb5b88cf0b1b0b40d66898fe1b9f5009df148496bd6fc35ab02d92de4b675a23935

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 94d88d9b2703a3b88c13ae17f84eff88
SHA1 c3aa24080f5361ffadb236f524d838013a646d2d
SHA256 87b50d8b33f893e2fa332a0b2c4afc5c3fb580eca428c6c04d1c80a9509703e4
SHA512 4c5a1e5a3358ba337138df2a9faeff357bc396f5e8177e0aa6ecfae2fe929061069bd700ae4f68549d12e1c2f814f7ecc55198034d3983f3baaab28761d2dc63

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 43bd185c34229e4ac9855975de133fc4
SHA1 75bdcb5a5bdaed4fd95f916062b0b7056174f625
SHA256 9654e63814b5f4586c67c5a579983f26898a4339b158f67c46f4095f60452ae6
SHA512 41745146d9fd1e265660d86f9529e0bfb85c2bf3c69d17bd1494c92395fee878dbc78b825acee4b3cfc1ca9c615f7bd77f7d5a382d5909aafdcf124197de6555

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 01ae71c75821a7541ace4a0b3a392594
SHA1 945926566c3e257a758e40877c5cfa65ebcd2bfc
SHA256 72269cbc8433ce5b5a305214c241c7d3ae20519b5fc690e31f94d7b7e7e18fa4
SHA512 cf0d82fddcc94e827102c759254448938d26e813e5cffc1641009f367458af811d4d714aa85e7f410407a0321acef419dede589ff6f863421bacb5f88e3d28bd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 022e62158add48a4e616d04d1a082095
SHA1 5ef2018b3fafa9908c59d838d0f8296a01dc7ef7
SHA256 6eb3b0ae248355d46a6bf79973383cc405ede862b5e27e772eecf9034ca2168b
SHA512 e527912699b6cd77a9918f976f149ad316cc1e209777522dbf8cf6c037eb5671f1bb628b435ceb4c129238051f9bdc5f5ba2a54578a324dacad0d797cff6df7d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 2841e71ac4c2b2edb3a13ec2c49a1fbc
SHA1 18d2c6fea5b047519a11e3e7612c35367edaef1c
SHA256 ccd0da7112a4b35b9b5c5a1641ca56eea2b646ec31ca17acedb84c8ccdf7d6c3
SHA512 ff7f52eed479a486bf9ca6da5077991d75b056824a6a111c4fd392fd73935836c39c6d476b67bc25d0e11bcf96ef4a417cae58f5c0ce9b23a1ce9aada822dea2

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-25 08:51

Reported

2024-11-25 08:54

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe"

Signatures

Renames multiple (2176) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\14Fc59lHJ6Lr98g.exe" C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mdmsupra.inf_amd64_ed209c9a3da66777\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\res\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InputMethod\JPN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_b06c3bc32f7db374\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_glk.inf_amd64_dad1e0a2b185e32b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmdcm6.inf_amd64_8b49cb79b258e1ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEKR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmnis3t.inf_amd64_9f214efed426c12a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_src.inf_amd64_0bdbb11733d87f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\winusb.inf_amd64_ced441476847bd1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ro-RO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetAdapter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_fscompression.inf_amd64_2aa5f249d7ee104a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_processor.inf_amd64_4431cc603de6e020\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidi2c.inf_amd64_aad0f43cb9f97e75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sisraid2.inf_amd64_845e008c32615283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ucmucsiacpiclient.inf_amd64_a233292790c69f03\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_keyboard.inf_amd64_56ea9763e933f7c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_mediumchanger.inf_amd64_69ea0d8614286224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmusrk1.inf_amd64_050c7496eacdd103\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msdv.inf_amd64_5c153f7ff7d0d00a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\IME\IMEKR\DICTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\wbem\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_avrcptransport.inf_amd64_6506aa4ac05430d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\da-DK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_holographic.inf_amd64_6ab9629b23deb837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_linedisplay.inf_amd64_a720ddb820f10790\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmpace.inf_amd64_5e0fbd01da4f7c7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\XPSViewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Engines\SR\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\fidohid.inf_amd64_c446be9403cdcdb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisvirtualbus.inf_amd64_e8d548ad6f0a613a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmti.inf_amd64_bcde2913bb6ccf3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\avc.inf_amd64_0eaf27d749819837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_netdriver.inf_amd64_2d569d832b41b8df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcpv.inf_amd64_906547002cc7c58e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdof.inf_amd64_3ff016f4df6d2b8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\8.jpg C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-256_altform-unplated_contrast-black_devicefamily-colorfulunplated.png C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\14Fc59lHJ6Lr98g.exe,0" C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\shell\open\command C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\shell\open C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\14Fc59lHJ6Lr98g.exe" C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\DefaultIcon C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\shell C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "CWAFIPTICWNLKOE" C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9a74a7f9074aae3c09605cfc362df9e1_JaffaCakes118.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662498327333.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663013511623.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671578469739.txt.EnCiPhErEd

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668505036074.txt.EnCiPhErEd

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
